From 582188c7dd799321a72d09b1e4cc49eb5dce3e1d Mon Sep 17 00:00:00 2001 From: Kevin Roast Date: Tue, 22 May 2007 15:39:00 +0000 Subject: [PATCH] Fix to webscript authenticators to correctly respect guest/user descriptor for webclient and http auth. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@5751 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../web/app/servlet/AuthenticationHelper.java | 44 +++++++++++++------ .../web/scripts/BasicHttpAuthenticator.java | 2 +- .../web/scripts/WebClientAuthenticator.java | 10 ++--- 3 files changed, 37 insertions(+), 19 deletions(-) diff --git a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java index 58c39f3ebe..5e1bab37e7 100644 --- a/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java +++ b/source/java/org/alfresco/web/app/servlet/AuthenticationHelper.java @@ -98,18 +98,36 @@ public final class AuthenticationHelper * User information is looked up in the Session. If found the ticket is retrieved and validated. * If no User info is found or the ticket is invalid then a redirect is performed to the login page. * - * @param guest True to force a Guest login attempt + * @param forceGuest True to force a Guest login attempt * * @return AuthenticationStatus result. */ public static AuthenticationStatus authenticate( - ServletContext context, HttpServletRequest httpRequest, HttpServletResponse httpResponse, boolean guest) + ServletContext sc, HttpServletRequest req, HttpServletResponse res, boolean forceGuest) throws IOException { - HttpSession session = httpRequest.getSession(); + return authenticate(sc, req, res, forceGuest, true); + } + + /** + * Helper to authenticate the current user using session based Ticket information. + *

+ * User information is looked up in the Session. If found the ticket is retrieved and validated. + * If no User info is found or the ticket is invalid then a redirect is performed to the login page. + * + * @param forceGuest True to force a Guest login attempt + * @param allowGuest True to allow the Guest user if no user object represent + * + * @return AuthenticationStatus result. + */ + public static AuthenticationStatus authenticate( + ServletContext sc, HttpServletRequest req, HttpServletResponse res, boolean forceGuest, boolean allowGuest) + throws IOException + { + HttpSession session = req.getSession(); // retrieve the User object - User user = getUser(httpRequest, httpResponse); + User user = getUser(req, res); // get the login bean if we're not in the portal LoginBean loginBean = null; @@ -119,10 +137,10 @@ public final class AuthenticationHelper } // setup the authentication context - WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(context); + WebApplicationContext wc = WebApplicationContextUtils.getRequiredWebApplicationContext(sc); AuthenticationService auth = (AuthenticationService)wc.getBean(AUTHENTICATION_SERVICE); - if (user == null || guest) + if (user == null || forceGuest) { // Check for the session invalidated flag - this is set by the Logout action in the LoginBean // it signals a forced Logout and means we should not immediately attempt a relogin as Guest. @@ -130,8 +148,8 @@ public final class AuthenticationHelper // the last stored username string is cleared. if (session.getAttribute(AuthenticationHelper.SESSION_INVALIDATED) == null) { - Cookie authCookie = getAuthCookie(httpRequest); - if (authCookie == null || guest) + Cookie authCookie = getAuthCookie(req); + if (allowGuest == true && (authCookie == null || forceGuest)) { // no previous authentication or forced Guest - attempt Guest access UserTransaction tx = null; 
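Review bot: The Javadoc for the new five-argument overload is cut off at `@param allowGuest True to allow the Guest user if no user object represent`; something like `@param allowGuest True to attempt a Guest login when no User object is held in the session; false to skip the Guest fallback entirely` would state the contract the flag actually controls. The retained four-argument overload now carries a verbatim copy of the same description even though it only delegates with `allowGuest` set to true; its Javadoc could say exactly that (`Delegates to the five-argument form with allowGuest=true, preserving the previous behaviour for existing callers`) instead of repeating the text. The body of the five-argument method continues past the end of this hunk.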
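Review bot: `if (allowGuest == true && (authCookie == null || forceGuest))` compares a boolean against a literal; `if (allowGuest && (authCookie == null || forceGuest))` is the idiomatic form. More importantly, the combination `forceGuest == true` with `allowGuest == false` is not rejected: the condition simply evaluates to false and control drops into whatever handles the no-cookie case below, which lies outside this hunk, so a caller asking for a forced Guest login without allowing Guest gets a result the parameter names do not suggest. Either guard it up front, e.g. `if (forceGuest && !allowGuest) throw new IllegalArgumentException("forceGuest requires allowGuest");`, or state in the method's Javadoc that `allowGuest=false` takes precedence over `forceGuest`. The enclosing method starts and ends outside this hunk.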
@@ -140,7 +158,7 @@ public final class AuthenticationHelper auth.authenticateAsGuest(); // if we get here then Guest access was allowed and successful - ServiceRegistry services = BaseServlet.getServiceRegistry(context); + ServiceRegistry services = BaseServlet.getServiceRegistry(sc); tx = services.getTransactionService().getUserTransaction(); tx.begin(); @@ -166,7 +184,7 @@ public final class AuthenticationHelper session.setAttribute(AuthenticationHelper.AUTHENTICATION_USER, user); // Set the current locale - I18NUtil.setLocale(Application.getLanguage(httpRequest.getSession())); + I18NUtil.setLocale(Application.getLanguage(req.getSession())); // remove the session invalidated flag session.removeAttribute(AuthenticationHelper.SESSION_INVALIDATED); @@ -219,14 +237,14 @@ public final class AuthenticationHelper // set last authentication username cookie value if (loginBean != null) { - setUsernameCookie(httpRequest, httpResponse, loginBean.getUsernameInternal()); + setUsernameCookie(req, res, loginBean.getUsernameInternal()); } // Set the current locale - I18NUtil.setLocale(Application.getLanguage(httpRequest.getSession())); + I18NUtil.setLocale(Application.getLanguage(req.getSession())); // setup faces context - FacesHelper.getFacesContext(httpRequest, httpResponse, context); + FacesHelper.getFacesContext(req, res, sc); if (loginBean != null && (loginBean.getUserPreferencesBean() != null)) { diff --git a/source/java/org/alfresco/web/scripts/BasicHttpAuthenticator.java b/source/java/org/alfresco/web/scripts/BasicHttpAuthenticator.java index a607cfccb3..f7ce9745d7 100644 --- a/source/java/org/alfresco/web/scripts/BasicHttpAuthenticator.java +++ b/source/java/org/alfresco/web/scripts/BasicHttpAuthenticator.java 
@@ -76,7 +76,7 @@ public class BasicHttpAuthenticator implements WebScriptServletAuthenticator } // authenticate as guest, if service allows - if (isGuest) + if (isGuest && RequiredAuthentication.guest == required) { if (logger.isDebugEnabled()) logger.debug("Authenticating as Guest"); diff --git a/source/java/org/alfresco/web/scripts/WebClientAuthenticator.java b/source/java/org/alfresco/web/scripts/WebClientAuthenticator.java index 4531b9b881..bcf09e7503 100644 --- a/source/java/org/alfresco/web/scripts/WebClientAuthenticator.java +++ b/source/java/org/alfresco/web/scripts/WebClientAuthenticator.java @@ -83,24 +83,24 @@ public class WebClientAuthenticator implements WebScriptServletAuthenticator, Se { if (logger.isDebugEnabled()) logger.debug("Authenticating ticket " + ticket); - + status = AuthenticationHelper.authenticate(context, req, res, ticket); } else { - if (isGuest) + if (isGuest && RequiredAuthentication.guest == required) { if (logger.isDebugEnabled()) logger.debug("Authenticating as Guest"); - + status = AuthenticationHelper.authenticate(context, req, res, true); } else { if (logger.isDebugEnabled()) logger.debug("Authenticating session"); - - status = AuthenticationHelper.authenticate(context, req, res, false); + + status = AuthenticationHelper.authenticate(context, req, res, false, false); } }
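Review bot: With `if (isGuest && RequiredAuthentication.guest == required)`, a request that asks for Guest against a script whose descriptor requires `user` or higher no longer enters the Guest branch but is not rejected either; it falls through to the code after this hunk, which is outside the hunk, so whether the caller receives an unauthorized response or a silent attempt at a different authentication level cannot be confirmed from here. If the intent is to deny such requests, an explicit `else if (isGuest)` branch that responds with `HttpServletResponse.SC_UNAUTHORIZED` and returns would make that visible, and a comment such as `// Guest is only honoured when the descriptor permits it` would record the rule. As a point of style, `required == RequiredAuthentication.guest` reads more naturally than the literal-first comparison. The same condition is introduced in the WebClientAuthenticator hunk that follows, and the enclosing method starts and ends outside this hunk.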
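Review bot: The session branch now calls `AuthenticationHelper.authenticate(context, req, res, false, false)`, so a request with neither a ticket nor the guest flag no longer falls back to a Guest login even when `required` is `guest`; under the old four-argument call the helper would have attempted Guest whenever no auth cookie was present, so this is a behaviour change for callers that relied on the implicit fallback, and nothing in the hunk says it is deliberate. If it is, a one-line comment above the call, `// no implicit Guest fallback here: Guest access must be requested explicitly and permitted by the descriptor`, would keep the next reader from reverting it. The Guest branch above it still uses the four-argument overload, which is correct since that form allows Guest, but passing `true, true` explicitly would make the two calls read symmetrically. The enclosing method starts and ends outside the hunk.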